authorChristian Poessinger <christian@poessinger.com>2022-10-31 15:09:58 +0100
committerChristian Poessinger <christian@poessinger.com>2022-10-31 15:10:39 +0100
commit22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1 (patch)
treec7a5308cd7426c357dde5586e9ead79463475c4b /interface-definitions
parent2291f4c7a967bdc81fb19e89f27fb378b2ecd09b (diff)
ipsec: T4787: add support for road-warrior/remote-access RADIUS timeout
This enables users to also use 2FA/MFA authentication with a RADIUS backend, as there is now enough time to enter the second factor.
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/radius-timeout.xml.i16
-rw-r--r--interface-definitions/vpn-ipsec.xml.in1
-rw-r--r--interface-definitions/vpn-openconnect.xml.in15
3 files changed, 18 insertions, 14 deletions
diff --git a/interface-definitions/include/radius-timeout.xml.i b/interface-definitions/include/radius-timeout.xml.i
new file mode 100644
index 000000000..22bb6d312
--- /dev/null
+++ b/interface-definitions/include/radius-timeout.xml.i
@@ -0,0 +1,16 @@
+<!-- include start from radius-timeout.xml.i -->
+<leafNode name="timeout">
+ <properties>
+ <help>Session timeout</help>
+ <valueHelp>
+ <format>u32:1-240</format>
+ <description>Session timeout in seconds (default: 2)</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 1-240"/>
+ </constraint>
+ <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage>
+ </properties>
+ <defaultValue>2</defaultValue>
+</leafNode>
+<!-- include end -->
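Review bot: The help text on the new `timeout` leaf calls this a "Session timeout", which reads like a limit on the VPN session, while the commit message suggests it is the time the gateway waits for the RADIUS server to answer. Since this include is now shared by IPsec remote-access and OpenConnect, I would reword it to `<help>RADIUS server response timeout</help>` and `<description>Time in seconds to wait for a RADIUS reply (default: 2)</description>`. It would also help to say in the description that interactive MFA needs a value well above the default, and that a long wait keeps an unauthenticated login pending on the gateway for that time.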
diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in
index 4776c53dc..64966b540 100644
--- a/interface-definitions/vpn-ipsec.xml.in
+++ b/interface-definitions/vpn-ipsec.xml.in
@@ -888,6 +888,7 @@
<node name="radius">
<children>
#include <include/radius-nas-identifier.xml.i>
+ #include <include/radius-timeout.xml.i>
<tagNode name="server">
<children>
#include <include/accel-ppp/radius-additions-disable-accounting.xml.i>
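Review bot: Including the leaf here also brings its `<defaultValue>2</defaultValue>` into every IPsec remote-access RADIUS configuration, so upgraded systems that never set a timeout now get an explicit 2 seconds instead of whatever the daemon used before. The code that renders this value is not part of this diff (the diffstat is limited to interface-definitions), so I cannot confirm the two match; it is worth checking against an existing configuration. A short comment above the include, for example `<!-- RADIUS reply timeout; default 2 s, raise for interactive MFA -->`, would record the intent. The `radius` node continues outside the hunk.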
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 3b3a83bd4..8b60f2e6e 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -140,20 +140,7 @@
#include <include/radius-server-ipv4.xml.i>
<node name="radius">
<children>
- <leafNode name="timeout">
- <properties>
- <help>Session timeout</help>
- <valueHelp>
- <format>u32:1-240</format>
- <description>Session timeout in seconds (default: 2)</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-240"/>
- </constraint>
- <constraintErrorMessage>Timeout must be between 1 and 240 seconds</constraintErrorMessage>
- </properties>
- <defaultValue>2</defaultValue>
- </leafNode>
+ #include <include/radius-timeout.xml.i>
<leafNode name="groupconfig">
<properties>
<help>If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from RADIUS.</help>